I have an Ubuntu server at home which has an SSH server running on 443 and it works fine. Therefore I can tunnel my traffic behind this firewall through SSH.

However, I want to make a VPN connection between the computer behind the firewall and the server via SSH, to make ALL internet connections go through the tunnel without needing to configure a proxy on every application I need to tunnel.

You do realize, don't you, that if you work at a place that restricts outgoing traffic and they discover you subverting the policy this way they're going to terminate you with cause without stopping to ask why you're doing it, right?
– Paul Tomblin, Aug 26 '10 at 11:46

1

I'm aware of this and I believe that it's cool. Thanks for the warning anyways!
– henrik, Aug 26 '10 at 15:19

2 Answers
2

Your WindowsXP box would need to become the default route for all your other computers. I do this often using a similar technique to tunnel traffic through an HTTP proxy firewall.

Couple things you need to do:

On your Ubuntu server, locate the sshd.conf file and enable, if not already
GatewayPorts yes

Install PuTTY on your WinXP computer and configure a connection from WinXP to your Ubuntu server and under the Tunnels section, create some tunnel entries making sure to check the box "Local ports accept connections from other hosts", then use some random unprivileged ports. You should have a list like so:

L5000 1.2.3.4:443 where 5000 is the local port you listen on and 1.2.3.4 is your Ubuntu server.

Now you need to enable Routing and Remote Access service under the services (right click My Computer, manage & navigate to services section). Once enabled, need to edit the following RegKey:
HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip > Parameters and look for something like “IPEnableRouter”. Double click on it and turn the value from 0 to 1 and reboot your computer.

Not sure why, but this damn site keeps re-numbering my steps, they should be reading 1,2,3,4; not 1,2,1,2....
– Kilo, Aug 26 '10 at 12:09

Awesome, thanks! Gonna try it tomorrow and accept as answer if it works :)
– henrik, Aug 26 '10 at 15:16

Damn, I'm forced to use DHCP and can't use static IP address. Any solutions to this?
– henrik, Aug 27 '10 at 8:16

Well, plug in the IP given to you by your DHCP server. Just know that if your IP changes, you'll need to adjust accordingly. If you leave your machine on then your IP should renew and stick unless your DHCP provider purposely forces new IPs upon you.
– Kilo, Nov 20 '10 at 0:45

This might not exactly answer the question, but you can also create a dynamic SSH tunnel in the Connection -> SSH -> Tunnels config screen on PuTTY. This creates a SOCKS proxy on the port you specify which if you alter the Windows internet connection settings to use then any app that obeys those will use the proxy.
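
Added example, not part of the original thread: a defender-side check for the setup in the question (an SSH server listening on 443). It labels the opening bytes of each port-443 flow as SSH or TLS, using the SSH identification string from RFC 4253 and the 5-byte TLS record header. The function names and the sample flows are assumptions constructed for illustration.

```python
import struct

SSH_PREFIXES = (b"SSH-2.0-", b"SSH-1.99-")  # RFC 4253 identification strings
TLS_HANDSHAKE = 0x16                        # TLS record content type
TLS_MAX_RECORD = 2 ** 14                    # upper bound on TLSPlaintext.length


def classify(payload: bytes) -> str:
    """Label the first bytes one side sent: 'ssh', 'tls', 'incomplete' or 'other'."""
    if payload.startswith(SSH_PREFIXES):
        return "ssh"
    # Too short to rule anything in or out; wait for more bytes.
    if any(p.startswith(payload) for p in SSH_PREFIXES) or len(payload) < 5:
        return "incomplete"
    rec_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    looks_like_tls = rec_type == TLS_HANDSHAKE and major == 3 and minor <= 4
    if looks_like_tls and 0 < length <= TLS_MAX_RECORD:
        return "tls"
    return "other"


def review_port_443(flows):
    """Return {flow_id: reason} for flows whose opening bytes are not TLS."""
    findings = {}
    for flow_id, client_first, server_first in flows:
        labels = (classify(client_first), classify(server_first))
        if "ssh" in labels:
            findings[flow_id] = "ssh-banner"
        elif "other" in labels:
            findings[flow_id] = "non-tls"
    return findings


# Constructed sample flows (not captured traffic): (id, client bytes, server bytes).
SAMPLE_FLOWS = [
    ("f1", b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4", b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56"),
    ("f2", b"SSH-2.0-ExampleClient_1.0\r\n", b"SSH-2.0-ExampleServer_1.0\r\n"),
    ("f3", b"GET / HTTP/1.1\r\n", b""),
    ("f4", b"\x16\x03", b""),
]

if __name__ == "__main__":
    for flow_id, reason in review_port_443(SAMPLE_FLOWS).items():
        print(flow_id, reason)
```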